Brute Force Decryption Vulnerability in Fortra's GoAnywhere MFT
CVE-2025-1241

5.8MEDIUM

Key Information:

Vendor: Fortra
Status: Goanywhere Mft
Vendor: CVE Published:; 21 April 2026

What is CVE-2025-1241?

A vulnerability exists in Fortra's GoAnywhere MFT and GoAnywhere Agents that stems from the use of a static Initialization Vector (IV) for encrypting sensitive data. This flawed implementation enables an adversary, with sufficient privileges, to execute brute-force attacks to decrypt the data, potentially exposing sensitive information. It is critical for users of affected versions to upgrade to the latest releases to safeguard their data against this exploitation.

Affected Version(s)

GoAnywhere MFT Windows 0 < 7.10.0

References

https://fortra.com/security/advisories/product-security/F...

CVSS V3.1

Score:

5.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2026
Vulnerability Reserved
Feb 11, 2025

Credit

Robin Wolters, Secura

CVE-2025-1241 Data

JSON